Systems that are secured for use over by authorized individuals commonly rely upon a Personal Identification Number (PIN) that is assigned to, or selected by, the individual and that must be remembered by the individual for use in the system to verify his identity as an authorized user. For enhanced security against unauthorized users, such a secured system should permit the PIN of any character length to be selected by the authorized user rather than be assigned by, or otherwise known to, the authorizing institution that operates the secured system. In addition, any use made of the PIN by the authorizing institution should ideally be only in encrypted form or within a security module so that the PIN of an authorized user is never available in unsecured form or in clear, readable text. Also, where large populations must be authorized to use the secured system, each user should be provided with a unique authorization by a scheme that is conducive to mass handling, with little opportunity for error and at low cost. In addition, the institution operating the secured system commonly requires a record signature of the authorized user.
Conventional secured banking systems typically assign a PIN or require the user to appear in person to select a PIN and to provide other information and a record signature. For a large population of users, it should be possible to complete the authorization process by mail without compromising the PIN or other information about the user. However, current procedures for completing user authorization at remote sites (via mail or telephone, or the like) commonly require clear text transfer of the PIN and other information and such procedures thus involve unacceptable risks of loss of secured information about a user.